package com.shiro.realms;

import org.apache.shiro.authc.*;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;

import java.util.HashSet;
import java.util.Set;

public class ShirRealms extends AuthorizingRealm {

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        System.out.println("==================================================FirstRealm+++++++++++++++++++++++++++++++++++++++");
        System.out.println("doGetAuthenticationInfo: " + authenticationToken + "=============================================");
        //1、把AuthenticationToken转换为UsernamePasswordToke
        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) authenticationToken;
        //2、从UsernamePasswordToken中获取username
        String username = usernamePasswordToken.getUsername();
        //3、调用数据的方法，查询username的记录
        System.out.println("++++++++++++++++从数据库获取username: " + username + "所对应的信息");
        //4、若用户不存在，则可以抛出UnknowAccountException
        if ("unknow".equals(username)) {
            throw new UnknownAccountException("==========================================用户不存在==========================================");
        }
        //5、根据用户信息的情况，决定是否需要抛出其他的AuthenticationException
        if ("monster".equals(username)) {
            throw new LockedAccountException("==========================================用户被锁定==========================================");
        }
        //6、根据用户的情况，来构建AuthenticationInfo对象并返回，通常使用的实现类为SimpleAuthenticationInfo
        //以下信息是从数据库中获取的

        //principal:认证的实体信息，可以是username，也可以是数据库表对应的用户的实体类对象
        Object principal = username;
        //credentials 密码
        Object credentials = "";
        if ("admin".equals(username)) {
            credentials = "038bdaf98f2037b31f1e75b5b4c9b26e";
        } else if ("user".equals(username)) {
            credentials = "098d2c478e9c11555ce2823231e02ec1";
        }
        //realmName 当前realm对的name，调用父类的getName()方法即可
        String realmName = getName();
        // 盐值
        ByteSource credentialSalt = ByteSource.Util.bytes(username);
//        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(principal,credentials,realmName);
        SimpleAuthenticationInfo info = new SimpleAuthenticationInfo(principal, credentials, credentialSalt, realmName);

        return info;
    }
    //授权实现的方法
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
        System.out.println("=========================doGetAuthorizationInfo==========================================");
        //1、从PrincipalConllection中获取登录用户的信息
        Object principal = principalCollection.getPrimaryPrincipal();
        Set<String> roles = new HashSet<>();
        roles.add("user");
        //2、利用登录的用户信息来获取当前用户的信息（可能要查询数据库）
        if ("admin".equals(principal)) {
            roles.add("admin");
        }
        //3、创建SimpleAuthorizationInfo,并设置其roles属性
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo(roles);
        //4、返回SimpleAuthorizationInfo对象
        return info;
    }
}
